In software engineering, CI/CD (or CICD) is the combined practice of continuous integration and either continuous delivery or continuous deployment. CI/CD bridges the gaps between development and operations activities and teams by enforcing automation in the building, testing and deployment of applications.
Edgescan has identified the need to shift left and identify vulnerabilities earlier in the software development lifecycle.
For this reason, a fully supported plugin was developed for CI/CD pipelines. This integration allows DevOps teams to initiate VM scanning from their chosen platform. Once initiated, a scan will take place, and a pass/fail will be returned depending on configured criteria. The build will fail if the results do not match the configured criteria. Otherwise, the build will proceed to the next step if applicable.
This Docker image can be deployed to any appropriate environment.
Edgescan CI/CD integration
This image kicks off an assessment and succeeds or fails according to its result.
It succeeds if the assessment completes with no vulnerabilities found (a tolerance for the risk level can be provided); otherwise it fails.
When it is not waiting for the scan to finish, it succeeds as soon as the assessment has started.
The program will exit with value 0 on success and -1 otherwise.
Pull the Docker image
docker pull edgescan/cicd-integration
Execute the Docker image and append --help for details about its usage
docker run --tty edgescan/cicd-integration --help
Configuration can be provided in 3 ways (in order of priority):
1. CLI flags
2. YAML configuration file
3. Environment variables
| Option | Command line flag | Field name in configuration file | Environment variable name | Default | Required |
|---|---|---|---|---|---|
| Max Risk Threshold | --max-risk-threshold | max_risk_threshold | MAX_RISK_THRESHOLD | 3 | False |
| Wait | --wait / --no-wait | wait | WAIT | True | False |
| Color | --color / --no-color | color | COLOR | True | False |
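To make the precedence rule and the pass/fail behaviour above concrete, here is an added illustration (not the image's own code) that resolves the three documented options from CLI flags, a YAML file and environment variables in that order, then derives the documented exit value. It assumes a flat `key: value` configuration file, the usual spellings of a true value, and that a finding whose risk level exceeds the threshold fails the build.

```python
# Documented options: config-file field -> (environment variable, default, type)
OPTIONS = {"max_risk_threshold": ("MAX_RISK_THRESHOLD", 3, int),
           "wait": ("WAIT", True, bool),
           "color": ("COLOR", True, bool)}

def parse_flat_yaml(text):
    """Minimal 'key: value' reader; assumes the config file is flat (no nesting)."""
    pairs = (line.split("#", 1)[0].partition(":") for line in text.splitlines())
    return {k.strip(): v.strip() for k, sep, v in pairs if sep}

def parse_cli(argv):
    """Handle '--name value' and the documented '--flag' / '--no-flag' boolean pairs."""
    out, i = {}, 0
    while i < len(argv):
        if not argv[i].startswith("--"):            # skip positional arguments
            i += 1
            continue
        name = argv[i][2:].replace("-", "_")
        if name.startswith("no_"):                  # --no-wait -> wait = false
            out[name[3:]] = "false"
        elif i + 1 < len(argv) and not argv[i + 1].startswith("--"):
            out[name] = argv[i + 1]                 # --max-risk-threshold 2
            i += 1
        else:                                       # bare --wait -> wait = true
            out[name] = "true"
        i += 1
    return out

def resolve(argv, yaml_text, env):
    """CLI flags override the YAML file, which overrides environment variables."""
    layers = (parse_cli(argv), parse_flat_yaml(yaml_text),
              {k: env[e] for k, (e, _, _) in OPTIONS.items() if e in env})
    cfg = {}
    for key, (_, default, typ) in OPTIONS.items():
        raw = next((layer[key] for layer in layers if key in layer), None)
        if raw is None:
            cfg[key] = default
        elif typ is bool:                           # accept the usual spellings of true
            cfg[key] = str(raw).strip().lower() in ("1", "true", "yes", "on")
        else:
            cfg[key] = typ(raw)
    return cfg

def exit_code(cfg, started, completed, highest_risk_found):
    """0 on success, -1 otherwise. Assumed: risk above the threshold fails; 0 = no findings."""
    if not started or (cfg["wait"] and not completed):
        return -1
    if not cfg["wait"]:                             # not waiting: success once started
        return 0
    return 0 if highest_risk_found <= cfg["max_risk_threshold"] else -1
```

With `--no-wait` on the command line, the `wait: true` in the file and `WAIT` in the environment are both ignored, which is the ordering the table and list above describe.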
Execute the Docker image
Executing with the command line interface
docker run --tty edgescan/cicd-integration --asset-id 1234 --api-token th34p1t0ken
Executing with a YAML config file
docker run --tty -v /local/path/to/file.yml:/cicd-config.yml edgescan/cicd-integration
Executing with environment variables
docker run --tty -e ES_API_TOKEN="th34p1t0ken" -e ES_ASSET=1234 edgescan/cicd-integration
Executing with a dotenv file
docker run --tty --env-file .env edgescan/cicd-integration
Executing with all 3 methods combined
docker run --tty -v /path/to/file.yml:/cicd-config.yml --env-file .env edgescan/cicd-integration --asset-id 1234